Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Back and a Question

Re: Back and a Question

From: Jared Still <jkstill_at_gmail.com>
Date: Tue, 15 Aug 2006 15:39:08 -0700
Message-ID: <bf46380608151539l1a48c7c2x59f82c07b79677cc@mail.gmail.com> 





On 15 Aug 2006 13:03:01 -0700, David Aldridge <david_at_david-aldridge.com>
wrote:


>

> Tsh, is there any lie that those operations people won't tell in order

> to keep us out of their sandbox?

>

> Seriously though, I don't think that SOX is that detailed, and I don't

> believe any STIG is either. It sounds like that rule is more along the

> lines of an _interpretation_ of the regulations, or a quoting of the

> regulations to justify a rule (depending on your degree of cynicism).






SOX is not that detailed.



The details are agreed upon by your company and your auditing company of
choice.



There are no rules that state "developers cannot have access to production
data"



It is highly unlikely that a developer, or anyone else for that matter, will
get an


account that is anything other than read only.



DBAs are an exception to that.   There should be safeguards to ensure that
DBAs cannot muck around with that data.  I believe Oracle Data Vault will do
that.




Jared Still


Certifiable Oracle DBA and Part Time Perl Evangelist


--
http://www.freelists.org/webpage/oracle-l


Received on Tue Aug 15 2006 - 17:39:08 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US